The PLAIN SASL bind does expect a DN in the authcid field. We should allow the definition of an AT

Right now, we are expecting the user to provide a full DN in the authcid part of the SASL PLAIN bind. It would be very convenient to allow the user to provide a simple name, and to configure the server to look at a specific AT to fetch the entry.

For instance, we can decide that the uid Attribute is the one to look for when searching the authcid. We will then do a search for (uid=<authcid>) and check the userPassword from the found entry.

Another option : we could ad dn: for DN values, and u: for plain text values (with a default to u.

The AttributeType to use should be configurable.